Permissions-Policy: attribution-reporting
{{HTTPSidebar}} {{SeeCompatTable}}
The HTTP {{HTTPHeader("Permissions-Policy")}} header attribution-reporting directive controls whether the current document is allowed to use the Attribution Reporting API.
Specifically, where a defined policy blocks the use of this feature:
- Background
attributionsrcrequests won’t be made. - The
{{domxref("XMLHttpRequest.setAttributionReporting()")}}method will throw an exception when called. - The
attributionReportingoption, when included on a{{domxref("Window/fetch", "fetch()")}}call, will cause it to throw an exception. - Registration headers (
{{httpheader("Attribution-Reporting-Register-Source")}}and{{httpheader("Attribution-Reporting-Register-Trigger")}}) in HTTP responses on associated documents will be ignored.
Syntax
Permissions-Policy: attribution-reporting=<allowlist>;
<allowlist>- : A list of origins for which permission is granted to use the feature. See
Permissions-Policy> Syntax for more details.
- : A list of origins for which permission is granted to use the feature. See
Default policy
The default allowlist for attribution-reporting is *.
Specifications
{{Specifications}}
Browser compatibility
{{Compat}}
See also
{{HTTPHeader("Permissions-Policy")}}header- Permissions Policy
- Attribution Reporting API